Computer Networking: A Top-Down Approach, Kurose and Ross, 6th Edition, Solutions to Review Questions and Problems – Chapter 2

Ankur Kulhari

Chapter 2 Review Questions

Section 2.1

Q1. List five nonproprietary Internet applications and the application-layer
protocols that they use.

Solution. Following are the nonproprietary Internet applications and the protocols at application-layer used by them:

  1. The Web Applications: These applications use Hyter Text Transfer Protocol (HTTP),
  2. File Transfer Applications: These applications use File Transfer Protocol (FTP),
  3. Remote Login Applications: These applications use Telnet protocol,
  4. E-mail Applications: These applications use Simple Mail Transfer Protocol,
  5. BitTorrent file sharing Applications: These applications use BitTorrent protocol

Q2. What is the difference between network architecture and application


  • Network architecture refers to the organization of the communication process into layers (e.g., TCP/IP or OSI Internet architecture) .
  • Application architecture, is designed by an application developer and refers to the broad structure of the application (e.g., client-server or point-to-point architecture).

Q3. For a communication session between a pair of processes, which process is the client and which is the server?

Solution. The Client process always initiates the communication and the server process waits to be contacted. Client first asks for service or query and in response the server provides the requested service.

Q4. For a P2P file-sharing application, do you agree with the statement, “There is no notion of client and server sides of a communication session”? Why or why not?

Solution. No, the statement is not true. In a Point-to-Point file-sharing application, the peer that is receiving a file is typically the client and the peer that is sending the file is typically the server.

Q5. What information is used by a process running on one host to identify a process running on another host?

Solution. An application is uniquely identified with the help of the IP address of the destination host and the port number of the socket in the
destination process.

Q6. Suppose you wanted to do a transaction from a remote client to a server as fast as possible. Would you use UDP or TCP? Why?

Solution. For the fast transaction, UPD is best suitable due to its less overhead during the communication. With UDP, the transaction can be completed in one round trip time (RTT) – the client sends the transaction request into a UDP socket, and the server sends the reply back to the client’s UDP socket.
Whereas TCP usage Acknowledgements to provide reliable communication which leads extra overhead during the communication. With TCP, a minimum of two RTTs are needed – one to set-up the TCP connection, and another for the client to send the request, and for the server to send back the reply.

Q7. Referring to Figure 2.4, we see that none of the applications listed in Figure 2.4 requires both no data loss and timing. Can you conceive of an application that requires no data loss and that is also highly time-sensitive?

Figure 2.4

Solution. Remote word processing is highly sensitive towards data loss and  timings, for example, with Google docs. 

Q8. List the four broad classes of services that a transport protocol can provide. For each of the service classes, indicate if either UDP or TCP (or both) provides such a service.

Solution. Following are broad classes of services provided by transport protocol:

  1. Reliable data transfer: TCP usage Ack to provide reliable data transfer services but UDP does not.
  2. Guaranteed minimum throughput: Neither TCP nor UDP provides guaranteed minimum throughput.
  3. Time bound delivery: Neither TCP nor UDP provides time bound delivery.
  4. Confidentiality (via encryption):Neither TCP nor UDP provides confidentiality.

Q9. Recall that TCP can be enhanced with SSL to provide process-to-process security services, including encryption. Does SSL operate at the transport layer or the application layer? If the application developer wants TCP to be enhanced with SSL, what does the developer have to do?

Solution. SSL (Secured Sockets Layer) is application layer protocol. The SSL socket takes unencrypted data from the application layer, encrypts it and then passes it to the TCP socket. If the application developers wants TCP to be enhanced with SSL, they have to include the SSL code in the application.

Section 2.2–2.5

Q10. What is meant by a handshaking protocol?

Solution. During handshaking the two communicating entities first exchange control information packets before sending data to each other. Simple Mail Transfer Protocol (SMTP) uses handshaking at the application layer whereas Domain Name System (DNS) does not.

Q11. Why do HTTP, FTP, SMTP, and POP3 run on top of TCP rather than on UDP?

Solution. The applications using above protocols require ordered delivery of all application data and without any loss or gaps. TCP provides this service whereas UDP does not.

Q12. Consider an e-commerce site that wants to keep a purchase record for each of its customers. Describe how this can be done with cookies.

Solution. When the user first visits the site, the server creates a unique identification number, creates an entry in its back-end database, and returns this identification number as a cookie number.
This cookie number is stored on the user’s host and is managed by the browser.
During each subsequent visit (and purchase), the client browser sends the cookie number back to the site server.
Thus the site server knows when this user (this browser) is visiting the site.

Q13. Describe how Web caching can reduce the delay in receiving a requested object. Will Web caching reduce the delay for all objects requested by a user or for only some of the objects? Why?

Solution. Web caching can bring the desired content “closer” to the user, possibly to the same LAN to which the user’s host is connected. Web caching can reduce the delay for all objects, even objects that are not cached, since caching reduces the traffic on links. This is possible only when local caching is activated and the requested objects are available in the cache system stored as a result of past request made for these objects.

Q14. Telnet into a Web server and send a multi line request message. Include in the request message the If-modified-since:header line to force a response message with the 304 Not Modified status code.

Solution. Do it yourself.

Q15. Why is it said that FTP sends control information “out-of-band”?

Solution.  FTP uses two parallel TCP connections over two ports 20 and 21, one connection for sending control information (such as user credentials and a request to transfer a file) and another connection for actually transferring the file. Because the control information is not sent over the same connection that the file is sent over, FTP sends control information out of band.

Q16. Suppose Alice, with a Web-based e-mail account (such as Hotmail or gmail), sends a message to Bob, who accesses his mail from his mail server using POP3. Discuss how the message gets from Alice’s host to Bob’s host. Be sure to list the series of application-layer protocols that are used to move the message between the two hosts


  • The message is first sent from Alice’s host to her mail server over HTTP.
  • Alice’s mail server then sends the message to Bob’s mail server over SMTP.
  • Bob then pulls or transfers the message from his mail server to his host over POP3.

Q17. Print out the header of an e-mail message you have recently received. How many Received:header lines are there? Analyze each of the header lines in the message.

Solution. Do it by yourself.

Q18. From a user’s perspective, what is the difference between the download-and delete mode and the download-and-keep mode in POP3?

Solution. With download and delete, after a user retrieves its messages from a POP server, the messages are deleted from POP server.
This poses a problem for the nomadic user, who may want to access the messages from many different machines (office PC, home PC, etc.).
In the download and keep configuration, messages are not deleted after the user retrieves the messages.
This can also be inconvenient, as each time the user retrieves the stored messages from a new machine, all of non-deleted messages will be transferred to the new machine (including very old messages) .

Q19. Is it possible for an organization’s Web server and mail server to have exactly the same alias for a hostname (for example, What would be the type for the RR that contains the hostname of the mail server?

Solution.  Yes an organization’s mail server and Web server can have the same alias for a host name. The MX record is used to map the mail server’s host name to its IP address.

Q20. Look over your received emails, and examine the header of a message sent from a user with an .edu email address. Is it possible to determine from the header the IP address of the host from which the message was sent? Do the same for a message sent from a gmail account.

Solution. You will not be able to see the sender’s IP address. Examine by yourself.

Section 2.6
In Bit Torrent, suppose Alice provides chunks to Bob throughout a 30-second interval. Will Bob necessarily return the favor and provide chunks to Alice in this same interval? Why or why not?

Solution. It is not necessary that Bob will also provide chunks to Alice. Alice has to be in the top 4 neighbors of Bob for Bob to send out chunks to her; this might not occur even if Alice provides chunks to Bob throughout a 30-second interval. 

Q22. Consider a new peer Alice that joins Bit Torrent without possessing any chunks. Without any chunks, she cannot become a top-four uploader for any of the other peers, since she has nothing to upload. How then will Alice get her first chunk?

Solution. In BitTorrent, a peer picks a random peer and optimistically unchokes the peer for a short period of time. Therefore, Alice will eventually be optimistically unchoked by one of her neighbors, during which time she will receive chunks from that neighbor.

Q23. What is an overlay network? Does it include routers? What are the edges in the overlay network?

Solution. The overlay network in a P2P file sharing system consists of the nodes participating in the file sharing system and the logical links between the nodes. There is a logical link (an “edge” in graph theory terms) from node A to node B if there is a semi permanent TCP connection between A and B. An overlay network does not include routers. 

Q24. Consider a DHT with a mesh overlay topology (that is, every peer tracks all peers in the system). What are the advantages and disadvantages of such a design? What are the advantages and disadvantages of a circular DHT (with no shortcuts)?


Mesh DHT:

  • The advantage is in order to a route a message to the peer (with ID) that is closest to the key, only one hop is required;
  • The disadvantage is that each peer must track all other peers in the DHT.

Circular DHT:

  • The advantage is that each peer needs to track only a few other peers;
  • The disadvantage is that O(N) hops are needed to route a message to the peer that is closest to the key.

Q25. List at least four different applications that are naturally suitable for P2P architectures. (Hint:File distribution and instant messaging are two.)

Solution. Following are the applications that are suitable for P2P architectures:

  1. File Distribution
  2. Instant Messaging
  3. Video Streaming
  4. Distributed Computing

Section 2.7

Q26. In Section 2.7, the UDP server described needed only one socket, whereas the TCP server needed two sockets. Why? If the TCP server were to support n simultaneous connections, each from a different client host, how many sockets would the TCP server need?

Solution. With the UDP server, there is no welcoming socket, and all data from different clients enters the server through this one socket.

With the TCP server, there is a welcoming socket, and each time a client initiates a connection to the server, a new socket is created. Thus, to support n simultaneous connections, the server would need n+1 sockets.

Q27. For the client-server application over TCP described in Section 2.7, why must the server program be executed before the client program? For the client server application over UDP, why may the client program be executed before the server program?

Solution. For the TCP application, as soon as the client is executed, it attempts to initiate a TCP connection with the server. If the TCP server is not running, then the client will fail to make a connection. For the UDP application, the client does not initiate connections (or attempt to communicate with the UDP server) immediately upon execution

Chapter 2 Problems

Q1. True or false?

  1. A user requests a Web page that consists of some text and three images. For this page, the client will send one request message and receive four response messages.
  2. Two distinct Web pages (for example, and can be sent over the same persistent connection.
  3. With nonpersistent connections between browser and origin server, it is possible for a single TCP segment to carry two distinct HTTP request messages.
  4. The Date:header in the HTTP response message indicates when the object in the response was last modified.
  5. HTTP response messages never have an empty message body.


  1. False, The client must send one request per each object. Thus client has to send 4 requests messages and will receive 4 response messages from server. Now if,
    • Non-Persistent connection is used: All 4 request and response messages will be sent over four separate  TCP connections.
    • Persistent connection is used: All these 4 request and response messages will be sent over one  TCP connections.
    • Therefor the statement ” client receive 4 response messages for one request msg is FALSE.
  2. True, As, both the objects belongs to the same web server “” and requested by the same client, so can be downloaded over single persistent connection.
  3. False, In a nonpersistent connection, for every request a new connection is established and a single object can be transferred over it. In this case also, the connection will be closed once the first message is received, and a new connection opened to send the second message.
  4. False, The date: field in header contains the date and time when the object in the response of the client’s request was created and sent at server. Their is no field in the header to show details of last modification date and time.
  5. False, When server finds the requested object with it, the object is sent in the body of the response message, but when the requested object is not found, server sends a response message indicating error code (i.e. 404 or 503 etc) in the header with empty message body.

Q2. Read RFC 959 for FTP. List all of the client commands that are supported by the RFC.

Solution. RFC 959 refers to File Transfer Protocol (FTP). Following are some commonly used client commands supported in FTP:

  • Access control commands: they mostly deal with who it is accessing the server and what privileges that user has.
    • USER: Authentication username.
    • PASS: Authentication password.
    • ACCT: Account information.
    • CWD: Change Working Directory
    • CDUP: Change to Parent Directory
    • SMNT: Mount File Structure
    • REIN: Re initializes the connection.
    • QUIT: Logout
  • Transfer parameter commands: 
    • PORT: Specifies an address and port to which the server should connect.
    • PASV: Enter passive mode.
    • TYPE: Sets the transfer mode (ASCII/Binary).
    • STRU: Set file transfer structure.
    • MODE: Sets the transfer mode (Stream, Block, or Compressed).
  • Service commands: The FTP service commands define the file transfer or the file system function requested by the user.
    • RETR: Retrieve a copy of the file
    • STOR:Accept the data and to store the data as a file at the server site
    • STOU: Store file uniquely.
    • APPE: Append (with create)
    • ALLO: Allocate sufficient disk space to receive a file.
    • REST: Restart transfer from the specified point.
    • RNFR: Rename from.
    • RNTO: Rename to.
    • ABOR: Abort an active file transfer.
    • DELE: Delete file.
    • RMD: Remove a directory.
    • MKD: Make Directory
    • PWD: Print working directory. Returns the current directory of the host.
    • LIST: Returns information of a file or directory if specified, else information of the current working directory is returned.
    • NLST: Returns a list of file names in a specified directory.
    • SITE: Sends site specific commands to remote server
    • SYST: Return system type.
    • STAT: Returns the current status.
    • HELP: Returns usage documentation on a command if specified, else a general help document is returned.
    • NOOP: No operation (dummy packet; used mostly on keepalives).

Q3. Consider an HTTP client that wants to retrieve a Web document at a given URL. The IP address of the HTTP server is initially unknown. What transport and application-layer protocols besides HTTP are needed in this scenario?

Solution. Before sending HTTP request, to get the IP Address of the HTTP server a DNS request will be created. Following are the protocols used over here:

  • For Application layer DNS (Domain Name System): UDP at Transport layer
  • For Application layer HTTP: TCP at Transport layer protocols are used.

Q4. Consider the following string of ASCII characters that were captured by
Wireshark when the browser sent an HTTP GET message (i.e., this is the actual content of an HTTP GET message). The characters <cr><lf>are carriage return and line-feed characters (that is, the italized character string <cr>in the text below represents the single carriage-return character that was contained at that point in the HTTP header). Answer the following questions, indicating where in the HTTP GET message below you find the answer.

GET /cs453/index.html HTTP/1.1<cr><lf>Host: gai<cr><lf>User-Agent: Mozilla/5.0 (
Windows;U; Windows NT 5.1; en-US; rv:1.7.2) Gec
ko/20040804 Netscape/7.2 (ax) <cr><lf>Accept:ex
t/xml, application/xml, application/xhtml+xml, text
/html;q=0.9, text/plain;q=0.8,image/png,*/*;q=0.5
<cr><lf>Accept-Language: en-us,en;q=0.5<cr><lf>AcceptEncoding: zip,deflate<cr><lf>Accept-Charset: ISO
-8859-1,utf-8;q=0.7,*;q=0.7<cr><lf>Keep-Alive: 300<cr>
  1. What is the URL of the document requested by the browser?
  2. What version of HTTP is the browser running?
  3. Does the browser request a non-persistent or a persistent connection
  4. What is the IP address of the host on which the browser is running
  5. What type of browser initiates this message? Why is the browser type
    needed in an HTTP request message?


  1. The URL of the server: the Host : field indicates the server’s name, which is On this server requested object is: /cs453/index.html. So, the complete URL of the object requested by the browser is:
  2. Version of HTTP is: HTTP/1.1
  3. Persistent Connection: As, browser requests for “Connection:keep-alive”
  4. IP address is property of network layer and appended in Network layer header, at Transport layer information of IP Address is not available.
  5. User-Agent: Mozilla/5.0. The browser type information is needed by the server to send different  versions of the same object to different types of browsers.

Q5. The text below shows the reply sent from the server in response to the HTTP GET message in the question above. Answer the following questions, indicating where in the message below you find the answer.

HTTP/1.1 200 OK<cr><lf>Date: Tue, 07 Mar 2008
12:39:45GMT<cr><lf>Server: Apache/2.0.52 (Fedora)
<cr><lf>Last-Modified: Sat, 10 Dec2005 18:27:46
GMT<cr><lf>ETag: “526c3-f22-a88a4c80”<cr><lf>AcceptRanges: bytes<cr><lf>Content-Length: 3874<cr><lf>
Keep-Alive: timeout=max=100<cr><lf>Connection:
Keep-Alive<cr><lf>Content-Type: text/html; charset=
ISO-8859-1<cr><lf><cr><lf><!doctype html public “-//w3c//dtd html 4.0 transitional//en”><lf><html><lf>
<head><lf> <meta http-equiv=”Content-Type”
content=”text/html; charset=iso-8859-1”><lf> <meta
name=”GENERATOR” content=”Mozilla/4.79 [en] (Windows NT
5.0; U) Netscape]”><lf> <title>CMPSCI 453 / 591 /
NTU-ST550A Spring 2005 homepage</title><lf></head><lf>
<much more document text following here (not shown)>
  1. Was the server able to successfully find the document or not? What time was the document reply provided?
  2. When was the document last modified?
  3. How many bytes are there in the document being returned?
  4. What are the first 5 bytes of the document being returned? Did the server agree to a persistent connection?


  1. 200 OK”, 200 is the status code for successful resolution of the requested object. The response is generated at server on “Date: Tue, 07 Mar 2008 12:39:45 GMT”.
  2. The document was last modified at on “Last-Modified: Sat, 10 Dec2005 18:27:46 GMT”
  3. Server sends “Content-Length: 3874” bytes.
  4. Content-Type: text/html; charset=ISO-8859-1<cr><lf><cr><lf><!doctype html public “-//w3c//dtd html 4.0 transitional//en”><lf><html><lf>
  5. The object starts from the text above in bold. So first 5 bytes of the object are: “<!doc” (As a character is of 1 byte or 8 bits in ASCII).

Q6. Obtain the HTTP/1.1 specification (RFC 2616). Answer the following questions:

  1. Explain the mechanism used for signaling between the client and server to indicate that a persistent connection is being closed. Can the client, the server, or both signal the close of a connection?
  2. What encryption services are provided by HTTP?
  3. Can a client open three or more simultaneous connections with a given server?
  4. Either a server or a client may close a transport connection between them if either one detects the connection has been idle for some time. Is it possible that one side starts closing a connection while the other side is transmitting data via this connection? Explain. 


  1. Any of the client or the server can indicate to the other that it is going to close the persistent connection. It does so by including the connection-token “close” in the Connection-header field of the http request/reply.
  2. There is no provision of encryption services in HTTP header control information, so HTTP does not provide any encryption services.
  3. As per RFC 2616 maximum number of connections can be established by a client with any server or proxy is limited to 2. The RFC 2616 stats as: “Clients that use persistent connections should limit the number of
    simultaneous connections that they maintain to a given server. A single-user client SHOULD NOT maintain more than 2 connections with any server or proxy.”
  4. Yes. The said situation may arise in real time. It is also mentioned in RFC 2616 as “A client might have started to send a new request at the same time that the server has decided to close the “idle” connection. From the server’s point of view, the connection is being closed while it was idle, but from the client’s point of view, a request is in progress.”  To address this situation, the one who initiates the connection close request should wait for the response from the other side for it.

Q7. Suppose within your

Web browser you click on a link to obtain a Web page. The IP address for the associated URL is not cached in your local host, so a DNS lookup is necessary to obtain the IP address. Suppose that n DNS servers are visited before your host receives the IP address from DNS; the successive visits incur an RTT of RTT1, . . ., RTTn. Further suppose that the Web page associated with the link contains exactly one object, consisting of a small amount of HTML text. Let RTT0 denote the RTT between the local host and the server containing the object. Assuming zero transmission time of the object, how much time elapses from when the client clicks on the link until the client receives the object?

Solution. Time taken to resolve the DNS query = RTT1+ RTT2. . . .. +RTTn  

Time taken to establish TCP connection is RTT0  

Time taken to send the request = RTT0/2 (As one way propagation delay from client to server)

Time taken to send the response = RTT0/2 (As one way propagation delay from server to client)

Total Time = DNS Resolution + TCP connection establishment + Requesting and receiving the HTTP object

 Total Time = [RTT0] + [RTT0/2 + RTT0/2] + [RTT1+ RTT2. . . .. +RTTn]

                      = 2RTT0+RTT1+ RTT2. . . .. + RTTn   

Q8. Referring to Q7, suppose the HTML file references eight very small objects on the same server. Neglecting transmission times, how much time elapses with

  1. Non-persistent HTTP with no parallel TCP connections?
  2. Non-persistent HTTP with the browser configured for 5 parallel connections?
  3. Persistent HTTP?

Solution. The important thing to note over here is that HTML file referring to 8 object, that means 1st HTML file (also called as base file) has to be downloaded. The base file contains the other 8 objects.


Time taken to resolve the DNS query = RTT1+ RTT2. . . .. +RTTn 

Time taken to get base file of HTTP = 2RTT0

Time taken for each object =2RTT0 (in 1st RTT TCP connection is established and in 2nd RTT object requested by client and sent the object by server)

 Time taken for 8 objects = 8*(2RTT0) = 16RTT0

Total Time taken  =  DNS resolution + Base file + 8 Objects

                                 = [RTT1+ RTT2. . . .. +RTTn]  +  [2RTT0 ] + [16RTT0]

                                 = RTT1+ RTT2. . . .. +RTTn + 18RTT0    


Over 5 parallel connections, 5 objects can be sent by server simultaneously. So, in 1st round 5 objects and in second round remaining 3 objects will be sent by server.

 Total Time taken  =  DNS resolution + Base file + 5 Objects + 3 objects

                     = [RTT1+ RTT2. . . .. +RTTn]  +  [2RTT0 ] + [2RTT0] + [2RTT0]  

                     = RTT1+ RTT2. . . .. +RTTn + 6RTT0    


In case of persistent HTTP, TCP connection will be established once and all the objects will be transferred over this connection:

 Total Time taken  =  DNS resolution + TCP connection + Base file + 8 obj

              = [RTT1+ RTT2. . . .. +RTTn]  +  [RTT0 ] + [RTT0] + [RTT0]  

              = RTT1+ RTT2. . . .. +RTTn + 3RTT0    

Q9. Consider Figure 2.12, for which there is an institutional network connected to the Internet. Suppose that the average object size is 850,000 bits and that the average request rate from the institution’s browsers to the origin servers is 16 requests per second. Also suppose that the amount of time it takes from when the router on the Internet side of the access link forwards an HTTP request until it receives the response is three seconds on average (see Section 2.2.5). Model the total average response time as the sum of the average access delay (that is, the delay from Internet router to institution router) and the average Internet delay. For the average access delay, use Δ/(1 – Δβ), where Δ is the average time required to send an object over the access link and β is the arrival rate of objects to the access link.

  1. Find the total average response time.
  2. Now suppose a cache is installed in the institutional LAN. Suppose the
    miss rate is 0.4. Find the total response time.

Figure 2_12

Solution. Given that propagation delay = 3 sec.


Transmission time = L/R.                                                                             

The average time = the average size of the object / R,

Δ = (850,000 bits)/(15,000,000 bits/sec) = .0567 sec
The traffic intensity on the link :

 = Δβ = (16 requests/sec)(.0567 sec/request) = 0.907. 

The average access delay = Δ/(1 – Δβ) = (.0567 sec)/(1 – .907) = .6 secs.

The total average response time is therefore .6 sec + 3 sec = 3.6 sec.


Hit rate = 1-0.4 => 60% of the requests are satisfied within the institutional network.

Thus the average access delay is (.0567 sec)/[1 – (.4)(.907)] = .089 sec.

The response time is approximately zero if the request is satisfied by  the cache (which happens with probability 0.6);

The average response time = .089 sec + 3 sec = 3.089 sec for cache misses (which happens 40% of the time).

So the average response time  = (.6)(0 sec) + (.4)(3.089 sec) = 1.24 sec. 

Thus the average response time is reduced from 3.6 sec to 1.24 sec.

Q10. Consider a short, 10-meter link, over which a sender can transmit at a rate of 150 bits/sec in both directions. Suppose that packets containing data are 100,000 bits long, and packets containing only control (e.g., ACK or handshaking) are 200 bits long. Assume that N parallel connections each get 1/N of the link bandwidth. Now consider the HTTP protocol, and suppose that each downloaded object is 100 Kbits long, and that the initial downloaded object contains 10 referenced objects from the same sender. Would parallel downloads via parallel instances of non-persistent HTTP make sense in this case? Now consider persistent HTTP. Do you expect significant gains over the non-persistent case? Justify and explain your answer.


  • Each object size =  a data packet.
  • Let propagation delay = dprop   

First considering parallel downloads using non-persistent connections:

  • Parallel downloads = 10
  • Bandwidth for each parallel connection = 15 bits/sec
  • Thus, the total time needed to receive all objects is given by:
    • First of all Base file has to be downloaded, as all the objects are placed in it, So time to download base file
      1. dtrans of Packet sent from client requesting to establish  TCP connection = 200/150    [as control packet size = 200bits]
      2. dprop of above packet from client to server = dprop
      3. dtrans of ACK of above packet from server to client = 200/150
      4. dprop of above ACK from server to client = dprop
      5. dtrans of packet sent from client requesting base file=200/150
      6. dprop of above packet from client to server = dprop  
      7. dtrans of base file objects from server to client = 100000/(150/10) = 100000/15
      8. dprop of above packet from client to server = dprop  
      9. Now 10 parallel connections will be established and 10 objects will downloaded over these parallel connection,
        1.  dtrans of Packet sent from client requesting to establish  TCP connection for objects = 200/150
        2. dprop of above packet from client to server = dprop
        3. dtrans of ACK for above packet from server to client = 200/150
        4. dprop of above ACK from server to client = dprop
        5. dtrans of packet sent from client requesting object  =200/150
        6. dprop of above packet from client to server = dprop
        7. dtrans of object from server to client = 100000/(150/10) = 100000/15
        8. dprop of above packet from server to client = dprop
  • Total time needed to receive all objects = sum of all of the above:
  • = [(200/150)] + [dprop] + [(200/150)] + [dprop] + [(200/150)] + [dprop] + [100000/15] + [dprop] + [(200/150)] + [dprop] + [(200/150)] + [dprop] + [(200/150)] + [dprop] + [100000/15] + [dprop]
  • = 7377 + 8*dprop  seconds

Now consider a persistent HTTP connection. The total time needed is given by:

  • Parallel downloads = 10
  • Bandwidth for each parallel connection = 15 bits/sec
  • Thus, the total time needed to receive all objects is given by:
    • First of all Base file has to be downloaded, as all the objects are placed in it, So time to download base file
      1. dtrans of Packet sent from client requesting to establish  TCP connection = 200/150    [as control packet size = 200bits]
      2. dprop of above packet from client to server = dprop
      3. dtrans of ACK of above packet from server to client = 200/150
      4. dprop of above ACK from server to client = dprop
      5. dtrans of packet sent from client requesting base file=200/150
      6. dprop of above packet from client to server = dprop  
      7. dtrans of base file objects from server to client = 100000/(150/10) = 100000/15
      8. dprop of above packet from client to server = dprop  
      9. Now the client can ask 10 objects serially one after another (as no parallel connections) over already established TCP connection (as persistent connection)
        1. dtrans of packet sent from client requesting 1st object  =200/150
        2. dprop of above packet from client to server = dprop
        3. dtrans of 1st object from server to client = 100000/(150/10) = 100000/15
        4. dprop of above packet from server to client = dprop
        5. Above 4 steps are repeated for remaining 9 objects.
  • Total time needed to receive all objects = sum of all of the above:
  • = {[(200/150)] + [dprop] + [(200/150)] + [dprop] + [(200/150)] + [dprop] + [100000/15] + [dprop] }+ 10*{ [(200/150)] + [dprop] + [100000/15] + [dprop]}
  • =7351 + 24*dprop seconds
  • Assuming the speed of light = 3*108 m/sec,
  • then, dprop=10/(3*108 ) =0.03 microsec.
  • dprop is therefore negligible compared with transmission delay.
    Thus, we see that persistent HTTP is not significantly faster (less than 1 percent) than the non-persistent case with parallel download.

Q11. Consider the scenario introduced in the previous problem. Now suppose that the link is shared by Bob with four other users. Bob uses parallel instances of non-persistent HTTP, and the other four users use non-persistent HTTP without parallel downloads.

  1. Do Bob’s parallel connections help him get Web pages more quickly?
    Why or why not?
  2. If all five users open five parallel instances of non-persistent HTTP, then would Bob’s parallel connections still be beneficial? Why or why not?


  1. Yes, because Bob has more connections, he can get a larger share of the link bandwidth.
  2. Yes, Bob still needs to perform parallel downloads; otherwise he will get less bandwidth than the other four users.

Q12. Write a simple TCP program for a server that accepts lines of input from a client and prints the lines onto the server’s standard output. (You can do this by modifying the program in the text.) Compile and execute your program. On any other machine that contains a Web browser, set the proxy server in the browser to the host that is running your server program; also configure the port number appropriately. Your browser should now send its GET request messages to your server, and your server should display the messages on its standard output. Use this platform to determine whether your browser generates conditional GET messages for objects that are locally cached.

from socket import *
connectionSocket, addr = serverSocket.accept()
while 1:
sentence = connectionSocket.recv(1024)
print ‘From Server:’, sentence, ‘\n’

Q13. What is the difference between MAIL FROM: in SMTP and From: in the
mail message itself?

Solution. The MAIL FROM: in SMTP it identifies the SMTP client of the mail message to the SMTP server. The From: on the mail message itself is NOT an SMTP message, but rather is just a line in the body of the mail message, which identifies the sender user.

Q14. How does SMTP mark the end of a message body? How about HTTP? Can HTTP use the same method as SMTP to mark the end of a message body? Explain.


  • SMTP uses a line containing only a period to mark the end of a message body.
  • HTTP uses “Content-Length header field” to indicate the length of a message body.
  • No, HTTP cannot use the method used by SMTP, because HTTP message could be binary data, whereas in SMTP, the message body must be in 7-bit ASCII format.

Q15. Read RFC 5321 for SMTP. What does MTA stand for? Consider the following received spam email (modified from a real spam email). Assuming only the originator of this spam email is malacious and all other hosts are honest, identify the malicious host that has generated this spam email.

From – Fri Nov 07 13:41:30 2008
Return-Path: <[email protected]>
Received: from
( []) by
(8.13.1/8.12.6) for <[email protected]>; Fri, 7 Nov 2008 13:27:10 -0500
Received: from asusus-4b96 (localhost []) by (Spam Firewall) for <[email protected]>; Fri, 7 Nov 2008 13:27:07 -0500(EST) Received: from asusus-4b96 ([]) by for <[email protected]>; Fri, 07 Nov 2008 13:27:07 -0500 (EST)
Received: from [] by; Sat, 8 Nov 2008 01:27:07 +0700
From: “Jonny” <[email protected]>
To: <[email protected]>
Subject: How to secure your savings

Solution. MTA stands for Mail Transfer Agent. A host sends the message to an MTA. The message then follows a sequence of MTAs to reach the receiver’s mail reader. We see that this spam message follows a chain of MTAs. An honest MTA should report where it receives the message. Notice that in this message, “asusus-4b96 ([])” does not report from where it received the email. Since we assume only the originator is
dishonest, so “asusus-4b96 ([])” must be the originator. 

Q16. Read the POP3 RFC, RFC 1939. What is the purpose of the UIDL POP3

Solution. MTA stands for Mail Transfer Agent. A host sends the message to an MTA. The message then follows a sequence of MTAs to reach the receiver’s mail reader. We see that this spam message follows a chain of MTAs. An honest MTA should report where it receives the message. Notice that in this message, “asusus-4b96 ([])” does not report from where it received the email. Since we assume only the originator is dishonest, so “asusus-4b96 ([])” must be the originator. 

Q17. Consider accessing your e-mail with POP3.

  1. Suppose you have configured your POP mail client to operate in the
    download-and-delete mode. Complete the following transaction:
    S: 1 498
    S: 2 912
    S: .
    C:retr 1
    S: blah blah …
    S: ……….blah
    S: .
  2. Suppose you have configured your POP mail client to operate in the
    download-and-keep mode. Complete the following transaction:
    S: 1 498
    S: 2 912
    S: .
    C:retr 1
    S: blah blah …
    S: ……….blah
    S: .
  3. Suppose you have configured your POP mail client to operate in the download-and-keep mode. Using your transcript in part (b), suppose you retrieve messages 1 and 2, exit POP, and then five minutes later you again access POP to retrieve new e-mail. Suppose that in the five-minute interval no new messages have been sent to you. Provide a transcript of this second POP session.


  1. C: dele 1
    C: retr 2
    S: (blah blah …
    S: ………..blah)
    S: .
    C: dele 2
    C: quit
    S: +OK POP3 server signing off
    b) C: retr 2
    S: blah blah …
    S: ………..blah
    S: .
    C: quit
    S: +OK POP3 server signing off
    c) C: list
    S: 1 498
    S: 2 912
    S: .
    C: retr 1
    S: blah …..
    S: ….blah
    S: .
    C: retr 2
    S: blah blah …
    S: ………..blah
    S: .
    C: quit
    S: +OK POP3 server signing off


  1. What is a whois database?
  2. Use various whois databases on the Internet to obtain the names of two DNS servers. Indicate which whois databases you used.
  3. Use nslookup on your local host to send DNS queries to three DNS servers: your local DNS server and the two DNS servers you found in part (b). Try querying for Type A, NS, and MX reports. Summarize your findings.
  4. Use nslookup to find a Web server that has multiple IP addresses. Does
    the Web server of your institution (school or company) have multiple IP addresses?
  5. Use the ARIN whois database to determine the IP address range used by your university.
  6. Describe how an attacker can use whois databases and the nslookup tool to perform reconnaissance on an institution before launching an attack.
  7. Discuss why whois databases should be publicly available.


    • The whois database stores the contact and registration information for every domain registered with a particular registrar.
    • WHOIS databases are maintained by individual registrars and not by the central registry.
    • When a domain name in registered with a registrar, it pass on the contact details to the WHOIS (

    • These details will be publicly available through WHOIS services.

    • It is a legal requirement to make the details of contact and registration information online for most of the domains.

  2. Name server: TIA.NS.CLOUDFLARE.COM and KANYE.NS.CLOUDFLARE.COM are the DNS server names from
    • Open cmd (command prompt)
    • Type “nslookup” and hit enter key
    • Now you are into the nslookup environment
    • Enter website name ex.
    • This will return IP address of queried website
    • Type “set q=MX”
    • Now all the query after this will be of type MX
  4. Try it out by yourself. i.e. “” has two IP addresses.
  5. Try it out by yourself.
  6. An attacker can use the whois database and nslookup tool to determine the IP address ranges, DNS server addresses, etc., for the target institution.
  7. Whois database is useful in finding out the domain using which attacker trying to compromise the victim site. By analyzing the source address of attack packets, using whois services, information about domain from which the attack packets are coming can be retrieved and the administrators of the origin domain can be informed accordingly for necessary actions.

Q19. In this problem, we use the useful digtool available on Unix and Linux hosts to explore the hierarchy of DNS servers. Refer Figure 2.21, a DNS server higher in the DNS hierarchy delegates a DNS query to a DNS server lower in the hierarchy, by sending back to the DNS client the name of that lower-level DNS server. First read the man page for dig,and then answer the following questions.

  1. Starting with a root DNS server (from one of the root servers [a-m], initiate a sequence of queries for the IP address for your department’s Web server by using dig.Show the list of the names of DNS servers in the delegation chain in answering your query.
  2. Repeat part a) for several popular Web sites, such as,, or

Figure 2.21

Solution. Do it by Yourself

Q20. Suppose you can access the caches in the local DNS servers of your department. Can you propose a way to roughly determine the Web servers (outside your department) that are most popular among the users in your department? Explain. 


  • Open cmd (command promt) in windows
  • Type the command “ipconfig /displaydns”
  • It will show the entries of local DNS server stored.
  • The Web server that appears most frequently in the DNS caches is the most popular server.

Q21. Suppose that your department has a local DNS server for all computers in the department. You are an ordinary user (i.e., not a network/ system administrator). Can you determine if an external Web site was likely accessed from a computer in your department a couple of seconds ago? Explain.

Solution. For this, we can use the software “dig” in windows.

  • After installation of “dig” software, open cmd (command prompt).
  • Suppose we want to check whether the website “” is accessed or not:
  • Type the command “dig”

Q22. Consider distributing a file of F= 15 Gbits to N peers. The server has an upload rate of us= 30 Mbps, and each peer has a download rate of di= 2 Mbps and an upload rate of u. For N= 10, 100, and 1,000 and u= 300 Kbps, 700 Kbps, and 2 Mbps, prepare a chart giving the minimum distribution time for each of the combinations of N and u for both client-server distribution and P2P distribution.

Solution. Refer section 2.6.1 for details:

Dstribution time (for Client – Server) (Dcs)= max {NF/us, F/dmin

Distribution time (for P2P) (DP2P) =

Distribution time for peer to peer (P2P)

Given that,, F = 15 Gbits = 15 * 1024 Mbits, us= 30 Mbps, dmin = di = 2 Mbps
Note, 300Kbps = 300/1024 Mbps.

Client – Server
    10 100 1000
  300 Kbps 7680 51200 51200
u 700 Kbps 7680 51200 51200
  2 Mbps 7680 51200 51200


    10 100 1000
  300 Kbps 7680 25904 47559
u 700 Kbps 7680 15616 21525
  2 Mbps 7680 7680 7680

Q.23. Consider distributing a file of Fbits to Npeers using a client-server architecture. Assume a fluid model where the server can simultaneously transmit to multiple peers, transmitting to each peer at different rates, as long as the combined rate does not exceed us.

  1. Suppose that (us/N) ≤ dmin. Specify a distribution scheme that has a distribution time of NF/us
  2. Suppose that (us/N) ≥ dmin. Specify a distribution scheme that has a distribution time of F/dmin.
  3. Conclude that the minimum distribution time is in general given by
    max {NF/us, F/dmin}


  1. Consider a distribution scheme in which the server sends the file to each client, in parallel, at a rate of a rate of us/N.
    • Given that,  us/N ≤dmin.
    • Thus each client can also receive at rate us/N.
    • Since each client receives at rate = us/N,
    • For complete file Time = F/( us/N) = NF/ u
    • Since all the clients receive the file in NF/ us, the overall distribution time is also NF/us
    • Considering a distribution scheme where the server sends the file to each client, in parallel, at the rate = dmin.
    • Note that the aggregate rate, N*dmin ≤ us (server’s link rate of server) ,
    • since by assumption us/N ≥dmin.
    • Since each client receives at rate dmin,
    • the time for each client to receive the entire file= F/ dmin
    • . Since all the clients receive the file in this time, the overall distribution time is also F/ dmin.

Q24. Consider distributing a file of F bits to N peers using a P2P architecture. Assume a fluid model. For simplicity assume that dmin is very large, so that peer download bandwidth is never a bottleneck.

  1. Suppose that us ≤ (us +u1+ … + uN)/N.  Specify a distribution scheme
    that has a distribution time of F/us.
  2. Suppose that us≥(us+u1+ … + uN)/N.
    • Specify a distribution scheme that has a distribution time of NF/(us+u1+ … +uN).
  3. Conclude that the minimum distribution time is in general given by max{F/us,NF/(us+u1+ … + uN)}.

Solution. Refer Q23 and section 2.6 of the book.

Q25. Consider an overlay network with N active peers, with each pair of peers having an active TCP connection. Additionally, suppose that the TCP connections pass through a total of M routers. How many nodes and edges are there in the corresponding overlay network? 

Solution. Overlay network is like mesh topology, in which each node has a direct link with all other nodes. 

  • Number of nodes =N,
  • For N nodes, the number of links/edges = N(N-1)/2

Q26. Suppose Bob joins a BitTorrent torrent, but he does not want to upload any data to any other peers (so called free-riding).

  1. Bob claims that he can receive a complete copy of the file that is shared by the swarm. Is Bob’s claim possible? Why or why not?
  2. Bob further claims that he can further make his “free-riding” more efficient by using a collection of multiple computers (with distinct IP addresses) in the computer lab in his department. How can he do that?


  1. Yes, it is possible. Free-riding says that one can download without uploading a file.
  2. Yes it is possible, by running a client on each host using “free-ride” and combine the collected chunks from the different hosts into a single file.

Q27. In the circular DHT example in Section 2.6.2, suppose that peer 3 learns that peer 5 has left. How does peer 3 update its successor state information? Which peer is now its first successor? Its second successor?

Solution. Peer 3 learns that peer 5 has just left the system, so Peer 3 asks its first successor (Peer 4) for the identifier of its immediate successor (peer 8). Peer 3 will then make peer 8 its second successor. 
Q28. In the circular DHT example in Section 2.6.2, suppose that a new peer 6
wants to join the DHT and peer 6 initially only knows peer 15’s IP address.
What steps are taken?


  • Peer 6 sends message “what will be peer 6’s predecessor and successor?” to peer 15.
  • This message gets forwarded through the DHT until it reaches peer 5,
  • On receiving this message peer 5 get to know that it will be 6’s predecessor and that its current successor, peer 8, will become
    6’s successor.
  • Then, peer 5 sends updated information of predecessor and successor back to 6.
  • Peer 6 can now join the DHT by making peer 8 its successor and by notifying peer 5 that it should change its immediate successor to 6.

Q29. Because an integer in [0, 2n-1] can be expressed as an n-bit binary number in a DHT, each key can be expressed as k= (k0,k1,. . . . kn-1), and each peer identifier can be expressed p= (p0,p1, . . . . . .,pn-1). Let’s now define the XOR distance between a key k and peer p as

Describe how this metric can be used to assign (key, value) pairs to peers.(To learn about how to build an efficient DHT using this natural metric, see
[Maymounkov 2002] in which the Kademlia DHT is described.)

Solution. For each key,

  • Distances [using d(k,p) ]between the key and all peers are calculated.
  • Then store the key in the peer whose distance is minimum from the key. (that is, with smallest distance value).

Q30. As DHTs are overlay networks, they may not necessarily match the underlay physical network well in the sense that two neighboring peers might be physically very far away; for example, one peer could be in Asia and its neighbor could be in North America. If we randomly and uniformly assign identifiers to newly joined peers, would this assignment scheme cause such a mismatch? Explain. And how would such a mismatch affect the DHT’s performance?

Solution. Yes, randomly assigning keys to peers does not consider the underlying network at all, so  it very likely causes mismatches. Such mismatches may degrade the search performance. For example, consider a logical path p1 (consisting of only two logical links): A->B->C, where A and B are neighboring peers, and B and C are neighboring peers. Suppose that there is another logical path p2 from A to C (consisting of 3 logical links): A->D->E->C.
It might be the case that A and B are very far away physically (and separated by many routers), and B and C are very far away physically (and separated by many routers). But it may be the case that A, D, E, and C are all very close physically (and all separated by few routers). In other words, a shorter logical path may correspond to a much longer physical path.

Q31. Install and compile the Python programs TCPClient and UDPClient on one host and TCPServer and UDPServer on another host.

  1. Suppose you run TCPClient before you run TCPServer. What happens?
  2. Suppose you run UDPClient before you run UDPServer. What happens?Why?
  3. What happens if you use different port numbers for the client and server sides?


  1. When TCPClient executed, it will look for a server to make a TCP connection. As the server is not available to establish the TCP connect the TCP connection will not be established.
  2. UDP is connection-less protocol so UDPClient doesn’t establish a connection with the server. Thus, everything should work fine if you first run UDPClient, then run UDPServer, and then type some input into the keyboard.
  3. If different port numbers are used at both ends, the client will try to establish a TCP connection with the wrong process.

Q32. Suppose that in, after we create the socket, we add the line: clientSocket.bind((”, 5432)). Will it become necessary to change What are the port numbers for the sockets in UDPClient and UDPServer? What were they before making this change?


  • In the original program, the port number is not specified by us, so the underlying operating system choose a port number.
  • After adding the code line explicitly the port number 5432 is specified.
  • The server should have the port number of client side, so that it can send the response to the request.
  • The UDPServer determines the client port number by examining the datagram it receives from the client.
  • That is UDP server will work with any client port number
    Client socket = x (chosen by OS)
    Server socket = 8956
    Client socket = 5432

Q33. Can you configure your browser to open multiple simultaneous connections to a Web site? What are the advantages and disadvantages of having a large number of simultaneous TCP connections?

Solution. Yes, the browser can be configured to open multiple simultaneous connections to a Web site.

  • Opening simultaneous connections to a website, data can be downloaded in parallel thus will take less time.
  • The disadvantage is that, downloading speed of other users sharing the same physical media can be slowed down as you are exploiting the bandwidth at a higher rate. 

Q34. We have seen that Internet TCP sockets treat the data being sent as a byte stream but UDP sockets recognize message boundaries. What are one advantage and one disadvantage of byte-oriented API versus having the API
explicitly recognize and preserve application-defined message boundaries?


  • TCP is a stream oriented protocol and UDP is a byte oriented protocol.
  • What transport layer protocol will be best suitable for application, depends on the type of application.
  • Advantage: Applications that read/write byte streams, such as hhtp, smtp, ssh, or telnet, have no notion of message boundaries so a byte stream protocol makes the most sense.
  • Disadvantage: Transport layer protocols that send a series of messages (i.e. UDP) would need a way to distinguish the end of one message and the start of the next one.
  • Since TCP does not have a way to indicate message boundaries, the application developer needs to incorporate this capability of identifying end of each message.

Q35. What is the Apache Web server? How much does it cost? What functionality does it currently have? You may want to look at Wikipedia to answer this question.


  • To create a web server, we need to run web server software on a host or system.
  • Many software developing companies sell web server software.
  • The widely popular and used web server software is Apache.
  • It is an open source and freeware software.

Q36. Many BitTorrent clients use DHTs to create a distributed tracker. For these DHTs, what is the “key” and what is the “value”?


  • The “key” is the infohash, and
  • The “value” is an IP address that currently has the file designated by the key or infohash.

What do you think about the article?

This site uses Akismet to reduce spam. Learn how your comment data is processed.